P
US7484091B2ExpiredUtilityPatentIndex 98

Method and system for providing a trusted platform module in a hypervisor environment

Assignee: IBMPriority: Apr 29, 2004Filed: Apr 29, 2004Granted: Jan 27, 2009
Est. expiryApr 29, 2024(expired)· nominal 20-yr term from priority
Inventors:BADE STEVEN ACATHERMAN RYAN CHARLESHOFF JAMES PATRICKKELLEY NIA LETISERATLIFF EMILY JANE
G06F 21/53
98
PatentIndex Score
144
Cited by
4
References
3
Claims

Abstract

A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.

Claims

exact text as granted — not AI-modified
1. A method for implementing a trusted computing environment within a data processing system, the method comprising:
 initializing a hypervisor within the data processing system, wherein the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system; 
 reserving a logical partition for a hypervisor-based trusted platform module (TPM) which provides integrity measurements for a software state of the data processing system; 
 presenting the hypervisor-based trusted platform module to logical partitions as a virtual device via a device interface; 
 creating by the hypervisor multiple logical partitions within the data processing system; 
 instantiating multiple logical TPM's within the reserved partition, wherein the logical TPM's are anchored to the hypervisor-based TPM; and 
 managing the multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition. 
 
   
   
     2. The method of  claim 1  further comprising:
 receiving from a TPM device driver in one of the logical partitions a trusted platform module functional request on an input queue of the device interface; and 
 transferring by the hypervisor the queued TPM functional request to the hypervisor-based TPM. 
 
   
   
     3. The method of  claim 1  further comprising:
 receiving from the hypervisor-based TPM a trusted platform module functional response on an output queue of the device interface; and 
 transferring by the hypervisor the queued TPM functional response to the a TPM device driver in one of the logical partitions.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.